Cyber Resilience

CVE-2026-25702

High

Published: 05 March 2026

Modified: 09 March 2026
KEV Added
Patch
CVSS Score v3.1: 7.3 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L)
EPSS Score: 0.0020 (10.3th percentile)
Risk Priority: 55 (floored blend · peak EPSS)

Summary

CVE-2026-25702 is a high-severity Improper Access Control (CWE-284) vulnerability in SUSE Linux Enterprise Server. Its CVSS base score is 7.3 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Disable or Modify System Firewall (T1686). The vulnerability ranks at the 10.3th percentile by exploit likelihood (below the median), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SC-7 (Boundary Protection).

Deeper analysis

CVE-2026-25702 is an Improper Access Control vulnerability (CWE-284) in the kernel of SUSE Linux Enterprise Server 12 SP5. The flaw breaks nftables, so firewall rules applied via nftables are not effective. It affects SUSE Linux Enterprise Server kernel versions from commit 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 up to, but not including, commit 9c294edb7085fb91650bc12233495a8974c5ff2d.

The vulnerability has a CVSS v3.1 base score of 7.3 (AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L), indicating it is exploitable remotely over the network with low attack complexity, no privileges or user interaction required, and unchanged impact scope. Attackers can achieve limited effects on confidentiality, integrity, and availability by bypassing nftables-enforced firewall rules.

SUSE's advisory details mitigation, with the fix introduced at kernel commit 9c294edb7085fb91650bc12233495a8974c5ff2d. Security practitioners should update affected SUSE Linux Enterprise Server 12 SP5 systems to incorporate this patch, as referenced in https://bugzilla.suse.com/show_bug.cgi?id=CVE-2026-25702.

Vulnerability details

An Improper Access Control vulnerability in the kernel of SUSE Linux Enterprise Server 12 SP5 breaks nftables, causing firewall rules applied via nftables to not be effective. This issue affects SUSE Linux Enterprise Server: from 9e6d9d4601768c75fdb0bad3fbbe636e748939c2 before 9c294edb7085fb91650bc12233495a8974c5ff2d.

Related Threats

MITRE ATT&CK Enterprise Techniques (AI)

T1686 · Disable or Modify System Firewall · Defense Impairment
Adversaries may disable or modify host-based or network firewalls to impair defensive mechanisms and enable further action.
Why these techniques?

The vulnerability directly breaks nftables enforcement, allowing remote bypass of system firewall rules with no privileges required; this maps precisely to disabling or modifying the system firewall to evade network controls.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-44543 (Same vendor: SUSE)
CVE-2025-67601 (Same vendor: SUSE)
CVE-2026-32038 (Shared CWE-284)
CVE-2026-20628 (Shared CWE-284)
CVE-2024-12368 (Shared CWE-284)
CVE-2026-7198 (Shared CWE-284)
CVE-2026-46818 (Shared CWE-284)
CVE-2025-57130 (Shared CWE-284)
CVE-2025-70363 (Shared CWE-284)
CVE-2026-34310 (Shared CWE-284)

Affected Assets

suse linux enterprise server 12

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) (AI)

prevent

Directly enforces approved authorizations on system resources; the CVE is a kernel-level failure of nftables access-control enforcement that allows unauthorized network flows.

prevent

Requires boundary-protection mechanisms such as host-based firewalls; the CVE renders the nftables boundary ineffective, permitting bypass of intended ingress/egress controls.

prevent

Mandates timely installation of security-relevant patches; the only corrective action for this kernel flaw is application of the fix at commit 9c294edb7085fb91650bc12233495a8974c5ff2d.
